Here is a patchset that implements "kiosk" mode for KDB debugger. Themode provides reduced set of features, so that it is no longer possibleto leak sensitive data via the debugger, and not possible to changeprogram flow in a predefined manner.

The are two use-cases for the mode, one is evil, but another is quitelegitimate.

The evil use case is used by some (ahem) phone manufaturers that wantto have a debuging facilities on a production device, but still don'twant you to use the debugger to gain root access. I don't like lockedphones, and I would not touch this/get my hands dirty by implementingthe feature just for this evil (IMHO) use case.

But there is another non-evil use case: limitting access to publicdevices, i.e. "kiosks", ATMs (is that too much?) or just publiccomputers w/ guest access. I can imagine that an administrator wouldwant to setup a kernel so that upon an oops (or a sysrq event) thekernel would enter KDB, but at the same time, he would not want toleak sensitive data from the PC by means of the debugger.

There are seven patches, the first five of them are just cleanups andpreparations. I believe these five patches are good even if notconsidering the kiosk mode. And the rest of patches actually implementthe mode -- it is pretty straightforward.

Note that we might impelement the same mode for KGDB stub, but so farwe don't bother.